Overview

File CVE-2023-2603.patch of Package libcap.29616

diff -Nurp libcap-2.63-orig/libcap/cap_alloc.c libcap-2.63/libcap/cap_alloc.c
--- libcap-2.63-orig/libcap/cap_alloc.c	2022-01-24 01:30:38.000000000 +0100
+++ libcap-2.63/libcap/cap_alloc.c	2023-05-16 16:08:54.870513495 +0200
@@ -105,15 +105,17 @@ char *_libcap_strdup(const char *old)
 	errno = EINVAL;
 	return NULL;
     }
-    len = strlen(old) + 1 + 2*sizeof(__u32);
-    if (len < sizeof(struct _cap_alloc_s)) {
-	len = sizeof(struct _cap_alloc_s);
-    }
-    if ((len & 0xffffffff) != len) {
+
+    len = strlen(old);
+    if ((len & 0x3fffffff) != len) {
 	_cap_debug("len is too long for libcap to manage");
 	errno = EINVAL;
 	return NULL;
     }
+    len += 1 + 2*sizeof(__u32);
+    if (len < sizeof(struct _cap_alloc_s)) {
+	len = sizeof(struct _cap_alloc_s);
+    }
 
     raw_data = calloc(1, len);
     if (raw_data == NULL) {
openSUSE Build Service is sponsored by
Places